Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b8/decad0-26da-4b9a-b1a7-d3b38ce9dc34/1/hLDp0R1tKZ1uQpk7clza_OXTeIc.roa
File:                     hLDp0R1tKZ1uQpk7clza_OXTeIc.roa (raw, json)
Hash identifier:          2IvvdqWOvjCen06JgJKZvx4rVETFnJduNU5B5/20Srw=
Subject key identifier:   84:B0:E9:D1:1D:6D:29:9D:6E:42:99:3B:72:5C:DA:FC:E5:D3:78:87
Certificate issuer:       /CN=a60cee7582e9759be016c931ab34d9285d2fc8b4
Certificate serial:       0197FEAF965873125C4B1FE24304D09EF9D8
Authority key identifier: A6:0C:EE:75:82:E9:75:9B:E0:16:C9:31:AB:34:D9:28:5D:2F:C8:B4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pgzudYLpdZvgFskxqzTZKF0vyLQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b8/decad0-26da-4b9a-b1a7-d3b38ce9dc34/1/hLDp0R1tKZ1uQpk7clza_OXTeIc.roa
Signing time:             Sat 12 Jul 2025 12:50:09 +0000
ROA not before:           Sat 12 Jul 2025 12:50:09 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     400039
IP address blocks:        87.248.136.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b8/decad0-26da-4b9a-b1a7-d3b38ce9dc34/1/pgzudYLpdZvgFskxqzTZKF0vyLQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b8/decad0-26da-4b9a-b1a7-d3b38ce9dc34/1/pgzudYLpdZvgFskxqzTZKF0vyLQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pgzudYLpdZvgFskxqzTZKF0vyLQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 21 Jul 2025 22:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:fe:af:96:58:73:12:5c:4b:1f:e2:43:04:d0:9e:f9:d8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a60cee7582e9759be016c931ab34d9285d2fc8b4
        Validity
            Not Before: Jul 12 12:50:09 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=84b0e9d11d6d299d6e42993b725cdafce5d37887
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:59:a9:2f:b0:7c:76:f0:71:b3:95:bb:76:f9:
                    f1:ee:cb:ff:c6:23:43:25:a2:65:d0:71:c1:4c:1c:
                    ee:fa:35:b6:a7:e7:41:49:bd:71:6a:c9:d6:50:ee:
                    a9:c7:b7:4d:40:43:a8:39:2c:9c:cc:fa:4b:6d:86:
                    e2:c0:2a:16:98:bb:c6:6c:ff:a3:38:de:b1:f0:6f:
                    06:ff:b2:13:91:50:a1:8a:14:3d:41:c4:da:80:b5:
                    bf:b8:f3:0b:99:6b:4a:34:44:56:62:35:a0:86:de:
                    9f:76:91:dd:ac:0b:cb:6a:9e:a5:1f:86:7f:a6:49:
                    c5:de:70:26:10:12:ab:f5:f3:16:99:59:82:1e:00:
                    93:dc:19:e8:2b:b6:fa:92:08:2f:41:5a:7e:de:22:
                    ea:81:52:f9:72:4d:f9:25:55:4c:67:bc:65:43:af:
                    03:11:13:1d:c1:90:e3:82:bd:25:b8:d1:05:50:66:
                    83:75:fe:93:da:b0:87:7f:ef:be:0c:58:29:8d:88:
                    56:ac:7e:08:ac:29:57:56:6c:bf:15:7b:67:a1:42:
                    08:de:9d:e6:27:e1:3f:21:4d:d0:37:99:29:23:6c:
                    ef:b1:90:43:82:a9:64:06:05:45:09:3a:d5:d0:e4:
                    a7:d9:2a:97:56:dd:60:8f:38:ec:4c:73:68:81:94:
                    76:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                84:B0:E9:D1:1D:6D:29:9D:6E:42:99:3B:72:5C:DA:FC:E5:D3:78:87
            X509v3 Authority Key Identifier:
                keyid:A6:0C:EE:75:82:E9:75:9B:E0:16:C9:31:AB:34:D9:28:5D:2F:C8:B4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pgzudYLpdZvgFskxqzTZKF0vyLQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/decad0-26da-4b9a-b1a7-d3b38ce9dc34/1/hLDp0R1tKZ1uQpk7clza_OXTeIc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/decad0-26da-4b9a-b1a7-d3b38ce9dc34/1/pgzudYLpdZvgFskxqzTZKF0vyLQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.248.136.0/24

    Signature Algorithm: sha256WithRSAEncryption
         88:fb:ee:42:d3:b3:3a:11:1b:d2:cf:dd:1c:4d:43:dd:af:a8:
         bb:da:ba:75:35:38:3f:6f:d5:69:06:c2:12:63:ea:3d:7c:e9:
         c6:46:e3:e1:96:2e:c8:e3:57:8e:8a:bd:b2:dd:a0:9d:19:6a:
         93:71:cb:24:38:2d:39:57:df:4e:eb:a5:1f:96:1d:bc:67:6d:
         d5:ae:bc:ae:60:fc:da:88:8b:9b:33:cf:73:e4:c7:14:fa:c2:
         4e:d7:1b:00:d6:55:28:94:8e:cb:f7:c7:ab:60:e4:c4:25:97:
         3c:10:ea:cf:12:d4:07:6b:d4:3e:45:77:a3:c2:3f:ad:eb:9f:
         ac:6b:80:1a:47:3b:87:20:d5:cc:b4:5a:6a:15:72:f9:1e:20:
         e8:c5:ef:c6:f9:d1:aa:79:63:f9:41:51:e8:6a:5a:7f:5c:5b:
         bb:9e:84:18:e8:e2:44:ec:15:62:d7:b4:fe:ee:7e:e4:0d:ac:
         e0:2f:6b:9c:76:01:95:7a:d6:ae:1d:f1:32:c3:c3:14:df:34:
         d4:08:1d:ea:29:1f:9f:0b:0b:e5:56:c1:56:30:a9:82:5c:27:
         6e:98:6a:f3:7d:6a:01:01:d6:92:e2:13:90:00:35:8f:38:41:
         c8:69:71:ef:a2:1b:51:2c:1e:02:ad:5a:ad:c7:f2:52:3a:32:
         b1:44:ff:76
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZf+r5ZYcxJcSx/iQwTQnvnYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE2MGNlZTc1ODJlOTc1OWJlMDE2YzkzMWFiMzRkOTI4NWQy
ZmM4YjQwHhcNMjUwNzEyMTI1MDA5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NGIwZTlkMTFkNmQyOTlkNmU0Mjk5M2I3MjVjZGFmY2U1ZDM3ODg3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArFmpL7B8dvBxs5W7dvnx7sv/xiND
JaJl0HHBTBzu+jW2p+dBSb1xasnWUO6px7dNQEOoOSyczPpLbYbiwCoWmLvGbP+j
ON6x8G8G/7ITkVChihQ9QcTagLW/uPMLmWtKNERWYjWght6fdpHdrAvLap6lH4Z/
pknF3nAmEBKr9fMWmVmCHgCT3BnoK7b6kggvQVp+3iLqgVL5ck35JVVMZ7xlQ68D
ERMdwZDjgr0luNEFUGaDdf6T2rCHf+++DFgpjYhWrH4IrClXVmy/FXtnoUII3p3m
J+E/IU3QN5kpI2zvsZBDgqlkBgVFCTrV0OSn2SqXVt1gjzjsTHNogZR2TQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFISw6dEdbSmdbkKZO3Jc2vzl03iHMB8GA1UdIwQY
MBaAFKYM7nWC6XWb4BbJMas02ShdL8i0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcGd6dWRZTHBkWnZnRnNreHF6VFpLRjB2eUxRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOC9kZWNhZDAtMjZkYS00YjlhLWIxYTct
ZDNiMzhjZTlkYzM0LzEvaExEcDBSMXRLWjF1UXBrN2NsemFfT1hUZUljLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOC9kZWNhZDAtMjZkYS00YjlhLWIxYTctZDNiMzhjZTlkYzM0
LzEvcGd6dWRZTHBkWnZnRnNreHF6VFpLRjB2eUxRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAV/iIMA0G
CSqGSIb3DQEBCwUAA4IBAQCI++5C07M6ERvSz90cTUPdr6i72rp1NTg/b9VpBsIS
Y+o9fOnGRuPhli7I41eOir2y3aCdGWqTccskOC05V99O66Uflh28Z23VrryuYPza
iIubM89z5McU+sJO1xsA1lUolI7L98erYOTEJZc8EOrPEtQHa9Q+RXejwj+t65+s
a4AaRzuHINXMtFpqFXL5HiDoxe/G+dGqeWP5QVHoalp/XFu7noQY6OJE7BVi17T+
7n7kDazgL2ucdgGVetauHfEyw8MU3zTUCB3qKR+fCwvlVsFWMKmCXCdumGrzfWoB
AdaS4hOQADWPOEHIaXHvohtRLB4CrVqtx/JSOjKxRP92
-----END CERTIFICATE-----